Bug 241775 - [WebAuthn] WebAuthn catches error but still prompts user
Summary: [WebAuthn] WebAuthn catches error but still prompts user
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit API
Version: Safari 15
Hardware: iPhone / iPad iOS 15
: P2 Normal
Assignee: pascoe@apple.com
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-06-19 22:13 PDT by Nina
Modified: 2022-07-01 00:09 PDT

See Also:


Attachments
A video showing the registration process - the face ID prompt is shown even though an error is thrown. (439.54 KB, video/mp4)
2022-06-19 22:13 PDT, Nina

Description Nina 2022-06-19 22:13:27 PDT
Created attachment 460346
A video showing the registration process - the face ID prompt is shown even though an error is thrown.

The registration process with WebAuthn on iOS works fine and as expected. As we use the same code on both Android and iOS, we don't use discoverable credentials, but instead save the credential ID in a cookie. If a user deletes his cookie, we cannot see if the user has registered previously without prompting the user for registration again. This is okay, and if we get an InvalidStateError (because the user is already registered) we let the user think he has registered again, and just create a new cookie.

The problem is: when navigator.credentials.create() is called, the InvalidStateError is caught immediately, before the user has time to do anything about the Face ID prompt that is shown. When the InvalidStateError is caught, the Registration Completed page shows (see the video - "Biometri ble lagt til" in Norwegian). This means the completed page is shown behind the Face ID prompt, which is very confusing for the user. How can the registration be completed if the Face ID prompt is not finished?

On Windows, the InvalidStateError is not thrown before the user has completed the Face ID prompt, which means the registration process is experienced exactly as a first-time registration.

I think this might be a bug, that the prompt is shown even though the error is thrown? I would prefer the logic to be the same as on Windows - the error is thrown after the Face ID prompt is completed, but not showing the prompt at all would also be better.

Best regards, Nina
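
The error handling described in the report, sketched as an added example (not the reporter's code and not WebKit's). The helper names `outcomeForCreateError`, `registerBiometric`, `saveCredentialCookie` and `fakeCreate` are hypothetical, and `createFn` stands in for `navigator.credentials.create` so the flow can run outside a browser:

```javascript
// Added example; all helper names are hypothetical.

// Map a rejection from navigator.credentials.create() to a page-level outcome.
function outcomeForCreateError(err) {
  switch (err && err.name) {
    case 'InvalidStateError':
      // The authenticator already holds a credential listed in excludeCredentials.
      return 'already-registered';
    case 'NotAllowedError':
      // User cancelled, the request timed out, or the call was not permitted.
      return 'cancelled';
    default:
      return 'failed';
  }
}

// In a page, createFn would be (opts) => navigator.credentials.create(opts).
async function registerBiometric(createFn, publicKey, saveCredentialCookie) {
  try {
    const cred = await createFn({ publicKey });
    saveCredentialCookie(cred.id); // the report stores the credential ID in a cookie
    return { outcome: 'registered', showCompletedPage: true };
  } catch (err) {
    const outcome = outcomeForCreateError(err);
    // The report treats "already registered" like a first-time registration.
    // On iOS 15.5 this branch runs while the Face ID sheet is still on screen,
    // so the completed page ends up rendered behind the prompt.
    return { outcome, showCompletedPage: outcome === 'already-registered' };
  }
}

// Constructed stand-ins for the browser API, so the flow runs offline.
function fakeCreate(rejectWith) {
  return () => rejectWith
    ? Promise.reject(Object.assign(new Error(rejectWith), { name: rejectWith }))
    : Promise.resolve({ id: 'constructed-credential-id' });
}

const cookies = [];
const runs = [undefined, 'InvalidStateError', 'NotAllowedError'].map((name) =>
  registerBiometric(fakeCreate(name), { challenge: new Uint8Array(32) },
                    (id) => cookies.push(id)));
Promise.all(runs).then((results) => console.log(results, cookies));
```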
Comment 1 Radar WebKit Bug Importer 2022-06-20 17:21:09 PDT
<rdar://problem/95558853>
Comment 2 pascoe@apple.com 2022-06-28 15:46:19 PDT
Hi. Thank you for the report. 


What version of iOS are you running in the video?
Comment 3 Nina 2022-07-01 00:09:53 PDT
Hi. I have iOS 15.5!